Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of a directory index page, a different vulnerability than CVE-2014-7263.
References
Link | Resource |
---|---|
http://jvn.jp/en/jp/JVN89613370/360573/index.html | Vendor Advisory |
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000144 | Vendor Advisory |
http://jvn.jp/en/jp/JVN89613370/index.html | Vendor Advisory |
Configurations
Information
Published : 2014-12-11 16:59
Updated : 2014-12-12 12:31
NVD link : CVE-2014-7261
Mitre link : CVE-2014-7261
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
ultrapop
- i-httpd